[Samba] Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE

[Gregory Machin]

Hi.

I we are migrating form domain ad.adc.com to ad.xyz.com , there is a trust
between the two domains.

Before the move the file server was work perfectly, post migration I get
the following in the samba logs

[2013/08/19 08:07:15.961679,  1] smbd/sesssetup.c:342(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2013/08/19 08:07:25.983662,  1] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 192.168.01.168 read error =
NT_STATUS_CONNECTION_RESET.
[2013/08/19 11:19:26.308406,  1] smbd/sesssetup.c:342(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2013/08/19 11:19:26.355646,  1] smbd/sesssetup.c:342(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2013/08/19 11:19:39.835641,  1] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 192.168.01.168 read error =
NT_STATUS_CONNECTION_RESET.

And on the windows client I get prompted for username and password , It
won't accept any of the ones I have provided.

My workstation and the others that can’t access it are all on the new
domain as the file server (ad.xyz.com) I have a number of other file
servers migrated to ad.xyz.com and they are fine.

I have googled and found the issue is related to Kerberos. I have update
the dns to ensure that the servers hostname resolves correctly in both
forward and reverse lookups. I have noted that /etc/krb5.conf is very
different between the working servers and the broken one , but I don’t know
much about Kerberos so I’m lost.

I have update to :
pbis : 7.0.918
samba :3.6.6-0.129.el5
krb5 : 1.6.1-70.el5_9.2

OS is CentOS 5.3

Clients are windows 7


Any suggestions on how to resolve this ?

Thanks